<?php
// Shared secret that the signature check hashes together with the request's
// timestamp and nonce. The value is committed in source here; loading it from
// configuration kept outside the repository, and rotating a value that has
// been published, keeps it out of version control.
define('TOKEN', 'c38c7e9f802d954d1e51a1febd59015d');

// Both handlers run on every request: valid() answers the verification
// handshake, responseMsg() replies to a pushed message.
$wechatObj = new WechatCallback();
$wechatObj->valid();
$wechatObj->responseMsg();

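/**
 * Callback endpoint for a WeChat official account.
 *
 * Handles the server-verification handshake and replies to two kinds of
 * pushed messages: the "subscribe" event and the text keyword that asks
 * for a verification code. Requests are authenticated with the shared
 * TOKEN constant, which must be defined before any method is called.
 */
class WechatCallback
{
    /**
     * Entry point for the verification handshake.
     *
     * Prints the `echostr` query parameter when the request signature is
     * valid and prints nothing otherwise.
     *
     * @return int Always 200.
     * @throws Exception When the TOKEN constant is not defined.
     */
    public function valid()
    {
        $echoStr = (isset($_GET['echostr']) && is_string($_GET['echostr'])) ? $_GET['echostr'] : '';

        if ($this->checkSignature() && $echoStr !== '') {
            // echostr is not part of the signed data (only token, timestamp
            // and nonce are hashed), so it is returned as plain text to keep
            // a browser from interpreting the reflected value as HTML.
            if (!headers_sent()) {
                header('Content-Type: text/plain; charset=utf-8');
            }
            echo $echoStr;
        }

        return 200;
    }

    /**
     * Reply to a message pushed in the request body.
     *
     * A "subscribe" event gets the welcome text and ends the script; a text
     * message whose trimmed content is the verification-code keyword gets a
     * fresh code. Anything else produces no output.
     *
     * @return void
     * @throws Exception When the TOKEN constant is not defined.
     */
    public function responseMsg()
    {
        // Message pushes carry the same signature/timestamp/nonce query
        // parameters as the handshake; a body that does not authenticate is
        // ignored instead of being parsed and answered.
        if (!$this->checkSignature()) {
            return;
        }

        $postStr = file_get_contents('php://input');
        if ($postStr === false || $postStr === '') {
            return;
        }

        // libxml >= 2.9 does not load external entities by default and PHP 8
        // deprecates this call, so it is only made on older runtimes.
        if (PHP_VERSION_ID < 80000) {
            libxml_disable_entity_loader(true);
        }

        // Collect parser errors internally so that malformed XML cannot leak
        // warnings into the response. LIBXML_NOENT is deliberately not passed:
        // it would turn entity substitution back on.
        $previous = libxml_use_internal_errors(true);
        $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
        libxml_clear_errors();
        libxml_use_internal_errors($previous);

        if ($postObj === false) {
            return;
        }

        if ((string) $postObj->MsgType === 'event' && (string) $postObj->Event === 'subscribe') {
            $this->userFollow($postObj);
            exit;
        }

        $keyword = trim((string) $postObj->Content);
        if ($keyword === '验证码') {
            $this->getVerifyCode($postObj);
        }
    }

    /**
     * Send the welcome text to a user who just followed the account.
     *
     * @param SimpleXMLElement $postObj Parsed incoming message; FromUserName
     *                                  and ToUserName are read from it.
     * @return void
     */
    public function userFollow($postObj)
    {
        echo $this->renderTextReply($postObj, '欢迎关注！');
    }

    /**
     * Send a freshly generated numeric verification code to the user.
     *
     * The code is only written into the reply. This class does not store it,
     * so the five-minute validity stated in the message has to be enforced
     * wherever the code is later checked.
     *
     * @param SimpleXMLElement $postObj Parsed incoming message; FromUserName
     *                                  and ToUserName are read from it.
     * @return void
     */
    public function getVerifyCode($postObj)
    {
        $contentStr = '验证码：' . $this->generateRandomCode() . ' 有效期5分钟！';
        echo $this->renderTextReply($postObj, $contentStr);
    }

    /**
     * Generate a random decimal code with the given number of digits.
     *
     * @param int $length Number of digits; clamped to the range 1..18 so both
     *                    bounds stay representable as 64-bit integers.
     * @return int A value in [10^(length-1), 10^length - 1].
     */
    public function generateRandomCode($length = 4)
    {
        $digits = min(18, max(1, (int) $length));
        $min = (int) pow(10, $digits - 1);
        $max = (int) pow(10, $digits) - 1;

        // The code acts as a credential, so it is drawn from the CSPRNG
        // behind random_int(); rand() output is predictable.
        return random_int($min, $max);
    }

    /**
     * Build the XML text reply, swapping sender and recipient of the
     * incoming message.
     *
     * @param SimpleXMLElement $postObj    Parsed incoming message.
     * @param string           $contentStr Text to place in the reply.
     * @return string The reply document.
     */
    private function renderTextReply($postObj, $contentStr)
    {
        $textTpl = "<xml>
                    <ToUserName><![CDATA[%s]]></ToUserName>
                    <FromUserName><![CDATA[%s]]></FromUserName>
                    <CreateTime>%s</CreateTime>
                    <MsgType><![CDATA[%s]]></MsgType>
                    <Content><![CDATA[%s]]></Content>
                </xml>";

        return sprintf(
            $textTpl,
            $this->cdataSafe($postObj->FromUserName),
            $this->cdataSafe($postObj->ToUserName),
            time(),
            'text',
            $contentStr
        );
    }

    /**
     * Make a request-derived value safe to place inside a CDATA section by
     * splitting any "]]>" terminator across two sections.
     *
     * @param mixed $value Value to embed; cast to string.
     * @return string
     */
    private function cdataSafe($value)
    {
        return str_replace(']]>', ']]]]><![CDATA[>', (string) $value);
    }

    /**
     * Check the request signature against the shared TOKEN.
     *
     * The expected value is the SHA-1 of token, timestamp and nonce sorted as
     * strings and concatenated.
     *
     * NOTE(review): the timestamp is not checked for freshness and nonces are
     * not tracked, so a previously seen signature/timestamp/nonce triple stays
     * valid; consider bounding the timestamp's age.
     *
     * @return bool True when the signature matches.
     * @throws Exception When the TOKEN constant is not defined.
     */
    private function checkSignature()
    {
        if (!defined('TOKEN')) {
            throw new Exception('TOKEN is not defined!');
        }

        // A missing or array-valued parameter (e.g. ?signature[]=x) can never
        // authenticate, so reject it before hashing.
        $fields = array();
        foreach (array('signature', 'timestamp', 'nonce') as $name) {
            if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
                return false;
            }
            $fields[$name] = $_GET[$name];
        }

        $parts = array((string) TOKEN, $fields['timestamp'], $fields['nonce']);
        // use SORT_STRING rule
        sort($parts, SORT_STRING);
        $expected = sha1(implode($parts));

        // `==` compares numeric-looking strings by value, which is unsafe for
        // hex digests; hash_equals() is an exact, constant-time comparison.
        return hash_equals($expected, $fields['signature']);
    }
}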

?>